Firewall and Reverse proxy, NAT


(Zoltán Polyák) #1

NethServer Version: 7.4.1708
Module: Firewall and anothers

Hi there!

This is the first time when we use Nethserver as a firewall at a bigger company, but we can’t figure out, how to do this:
We used to use simple firewall builder software, and everythings worked fine.
So the case:
Two ISP IP address:

  • (this is on the red interface) for mail server, and two web servers on port 80
  • (Ip alias on the red interface) for an another web server but its listening on the 8080 port, from outside 80

So, how can I set up the firewal to access the web severs from the wan and the lan, like:
domain: - - server lan ip/ports:, 25,465, etc
domain: - - server lan ip/port:
domain: - - server lan ip/port:

One of our rules:
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d . --dport 8080 -j DNAT --to-destination
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d --dport 8080 -j DNAT --to-destination
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d --dport 8080 -j SNAT --to-source -firewall

So how can I translate it to Nethserver language?

Thanks you very much for your help!

(Michael Träumner) #2

For the WAN-site I would configure a port-forwarding. SNat is also available.
Edit:SNAT is only for the way outside. The docs only say to do it withport forwarding.
The documentation of the firewal you can find here:
Perhaps @mrmarkuz has some more experience with it.

(Zoltán Polyák) #3

Job done!
Close or delete topic.

(Michael Träumner) #4

The best way would be to post your solution and mark it as solved.